Move to Nix tooling

DanNixon · Nov 15, 2023 · 11e5afe · 11e5afe
1 parent 24d37cd
commit 11e5afe
Show file tree

Hide file tree

Showing 7 changed files with 278 additions and 75 deletions.
diff --git a/.envrc b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,61 +16,55 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v22
 
-      - name: Setup
-        run: rustup component add clippy rustfmt
+        # Evaluate the devshell here so that the time reported for subsequent
+        # steps that use it reflect what is actually done there.
+      - name: Evaluate devshell
+        run: nix develop
 
       - name: Format
-        run: cargo fmt -- --check
+        run: nix develop --command treefmt --fail-on-change
 
       - name: Clippy
-        run: cargo clippy -- -Dwarnings
+        run: nix develop --command cargo clippy --all-targets
 
-  build-and-test:
-    name: Build and Test
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Build and Test
-        run: cargo test
+      - name: Test
+        run: nix build -L --no-sandbox .#test
 
-  container-image:
-    name: Build and push container image
-    if: ${{ github.ref_name == 'main' || github.ref_type == 'tag' }}
+  build:
+    name: Build
     needs:
-      - build-and-test
       - formatting-and-quality
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v22
+
+      - name: Build
+        run: nix build -L .#default
 
-      - name: Derive tags
+      - name: Build and push container image
+        if: ${{ github.ref_name == 'main' || github.ref_type == 'tag' }}
         run: |
-          echo 'tags<<EOF' >> $GITHUB_ENV
+          set -x
+
+          # Build image via Nix and take the resulting path as the local container registry
+          local_cr="docker-archive://$(nix build .#container-image --no-link --print-out-paths)"
+
+          # The container registry to push images to (GHCR)
+          remote_cr="docker://ghcr.io/dannixon/matrix-remote-closedown"
+          remote_cr_creds="${{ github.repository_owner }}:${{ github.token }}"
+
+          # Push image using the Git ref name as the image tag (i.e. "main" or the tag name)
+          skopeo copy --dest-creds="$remote_cr_creds" "$local_cr" "$remote_cr:${{ github.ref_name }}"
+
+          # Push image using the Git SHA as the image tag
+          skopeo copy --dest-creds="$remote_cr_creds" "$local_cr" "$remote_cr:${{ github.sha }}"
+
+          # If the trigger was a tag (i.e. a release)
           if [[ "${{ github.ref_type }}" == 'tag' ]]; then
-            echo "latest ${{ github.ref_name }} ${{ github.sha }}" >> $GITHUB_ENV
-          else
-            echo "${{ github.ref_name }} ${{ github.sha }}" >> $GITHUB_ENV
+            # Push image using the "latest" tag
+            skopeo copy --dest-creds="$remote_cr_creds" "$local_cr" "$remote_cr:latest"
           fi
-          echo 'EOF' >> $GITHUB_ENV
-
-      - name: Build container image
-        id: build-image
-        uses: redhat-actions/buildah-build@v2
-        with:
-          image: matrix-remote-closedown
-          tags: "${{ env.tags }}"
-          containerfiles: ./Containerfile
-          oci: true
-
-      - name: Push image to GHCR
-        uses: redhat-actions/push-to-registry@v2
-        with:
-          image: ${{ steps.build-image.outputs.image }}
-          tags: ${{ steps.build-image.outputs.tags }}
-          registry: ghcr.io/dannixon
-          username: ${{ github.repository_owner }}
-          password: ${{ github.token }}
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 /target
+result
diff --git a/Containerfile b/Containerfile
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,113 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs";
+
+    flake-utils.url = "github:numtide/flake-utils";
+
+    fenix = {
+      url = "github:nix-community/fenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    naersk = {
+      url = "github:nix-community/naersk";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+    fenix,
+    naersk,
+  }:
+    flake-utils.lib.eachDefaultSystem (
+      system: let
+        pkgs = (import nixpkgs) {
+          inherit system;
+        };
+
+        toolchain = fenix.packages.${system}.toolchainOf {
+          channel = "1.72";
+          date = "2023-09-19";
+          sha256 = "dxE7lmCFWlq0nl/wKcmYvpP9zqQbBitAQgZ1zx9Ooik=";
+        };
+
+        naersk' = pkgs.callPackage naersk {
+          cargo = toolchain.rust;
+          rustc = toolchain.rust;
+        };
+
+        cargo = builtins.fromTOML (builtins.readFile ./Cargo.toml);
+        name = cargo.package.name;
+        version = cargo.package.version;
+
+        nativeBuildInputs = with pkgs; [cmake pkg-config];
+        buildInputs = with pkgs; [openssl];
+
+        lintingRustFlags = "-D unused-crate-dependencies";
+      in {
+        devShell = pkgs.mkShell {
+          packages = with pkgs; [
+            # Rust toolchain
+            toolchain.toolchain
+
+            # Code formatting tools
+            alejandra
+            treefmt
+
+            # Container image management
+            skopeo
+          ];
+
+          nativeBuildInputs = nativeBuildInputs;
+          buildInputs = buildInputs;
+
+          RUSTFLAGS = lintingRustFlags;
+        };
+
+        packages = rec {
+          default = naersk'.buildPackage {
+            name = name;
+            version = version;
+
+            src = ./.;
+
+            nativeBuildInputs = nativeBuildInputs;
+            buildInputs = buildInputs;
+          };
+
+          container-image = pkgs.dockerTools.buildImage {
+            name = "matrix-remote-closedown";
+            tag = "latest";
+            created = "now";
+
+            copyToRoot = pkgs.buildEnv {
+              name = "image-root";
+              paths = [pkgs.bashInteractive pkgs.coreutils];
+              pathsToLink = ["/bin"];
+            };
+
+            config = {
+              Entrypoint = ["${pkgs.tini}/bin/tini" "--" "${default}/bin/matrix-remote-closedown"];
+              Env = [
+                "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+              ];
+            };
+          };
+
+          test = naersk'.buildPackage {
+            mode = "test";
+            src = ./.;
+
+            nativeBuildInputs = nativeBuildInputs;
+            buildInputs = buildInputs;
+
+            # Ensure detailed test output appears in nix build log
+            cargoTestOptions = x: x ++ ["1>&2"];
+          };
+        };
+      }
+    );
+}
diff --git a/treefmt.toml b/treefmt.toml
@@ -0,0 +1,8 @@
+[formatter.nix]
+command = "alejandra"
+includes = [ "*.nix" ]
+
+[formatter.rust]
+command = "rustfmt"
+options = ["--edition", "2021"]
+includes = [ "*.rs" ]